<?php$email = $mysqli->escape_string($_POST['firstname']);$result = $mysqli-

1. <?php
2. $email = $mysqli->escape_string($_POST['firstname']);
3. $result = $mysqli->query("SELECT * FROM users WHERE first_name='$email'");
4.  
5. if ( $result->num_rows == 0 ){
6. $_SESSION['message'] = "User with that login doesn't exist!";
7. header("location: error.php");
8. }
9. else {
10. $user = $result->fetch_assoc();
11.  
12. if ( password_verify($_POST['password'], $user['password']) ) {
13.  
14. $_SESSION['email'] = $user['email'];
15. $_SESSION['first_name'] = $user['first_name'];
16. $_SESSION['last_name'] = $user['last_name'];
17. $_SESSION['active'] = $user['active'];
18. $_SESSION['points'] = $user['points'];
19. $_SESSION['ranksimg'] = $user['ranksimg'];
20. $_SESSION['rankstxt'] = $user['rankstxt'];
21.  
22. $_SESSION['logged_in'] = true;
23.  
24. header("location: profile.php");
25. }
26. else {
27. $_SESSION['message'] = "You have entered wrong password, try again!";
28. header("location: error.php");
29. }
30. }